font_assets icon indicating copy to clipboard operation
font_assets copied to clipboard
verified publisher icon ericallam

Let other preflight requests through

Open will-r opened this issue 11 years ago • 2 comments

This is a very nice fix but I can't use it because it catches all OPTIONS requests, not just those for font files.

We have a lot of other CORS requests coming into this service and many include credentials. In that case you can't give access to '*' but have to specify domains. Like everyone else we evade this protection by reflecting back the requesting domain. Font_assets intercepts the options request is before it gets to our controller, so this hack can't be applied.

The problem goes away if you omit the economical shortcut for preflight requests and allow them to go through the same if-font-then-headers routine as the main request. I'd be happy to prepare a PR and test case if that's an acceptable solution for you.

will-r avatar Sep 08 '14 05:09 will-r

I'd be happy to accept a PR and test case for this change. Send it along and I'll take a look :)

ericallam avatar Sep 08 '14 07:09 ericallam

For future readers, this has been fixed in https://github.com/ericallam/font_assets/pull/27

bradleypriest avatar Jun 30 '17 07:06 bradleypriest